Where’s the Money in CyberSecurity?

Last week, I posted about Fake Profiles on LinkedIn and how these profiles create personal cybersecurity risks. This lead me to the topic of cybersecurity and specifically IoT security.

According to Forbes, "Worldwide spending on information security will reach $75 billion for 2015," and "the global cybersecurity market is expected to be worth $170 billion by 2020." Additionally, "A new cybercrime wave is driving IoT spending, and the Internet of Things (IoT) security market is expected to grow from $6.89 billion in 2015 to nearly $29 billion by 2020." This is inline with the numbers Derek Harpprovided at the Cyberwar Battlefield session on August 18, 2016. At this session held by the Wireless Technology Forum, Derek Harp cited that the cybersecurity spending was $1 billion in 1997, has grown to $80 - $90 billion today, and will grow to $180 billion within the next 15 years.

Cybersecurity is not just a B2C or B2B concern, panelists cited examples in both arenas.

Mobile Banking

The topic of mobile banking came up on the panel multiple times. There is a certain segment of the population (some I know personally) who won't bank on their mobile device (and online) due security concerns. Fortunately, the panel of cybersecurity experts took a moderate approach to mobile banking as they all admitted that they personally bank on their mobile devices. I looked up a few articles with specific tips on protecting yourself when banking on mobile devices:

Home Automation

Last week I cited the example of a ransomware attack on a home thermostat.

The panel brought up ZigBee and Z-Wave home automation systems have all been perpetrated by both white hat and black hat hackers. All cybersecurity panelists had personally implemented one or more types of home automation systems. Each panelist approached home automation in a different way. One panelist implemented Nest, another panelist implemented home automation for switches, but not his front door lock, and the third panelist set up each home automation network separately in the event that if one system was hacked, the other systems would not be affected.

Industry 4.0

Industry 4.0 is a concept that was highlighted during TAG's IoT Symposium on July 19, 2016 as the Fourth Industrial Revolution. My recap of the IoT Symposium here. The about of "big data" collected by machines, locomotives, factories, utilities has created a target rich environment for hackers.

The panel brought up poignant examples including:

Ukrainian Power Grid Hack

This hack took down 30 substations, 2 additional power stations, and disabled backup power affecting 230,000 customers for 6 hours.  This hack was initiated by hackers sending emails to employees with WORD documents. When employees enabled the macros on these WORD documents, they unknowingly released a malware program known as BlackEnergy3 and opened a backdoor to the hackers.  https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

BitPay

In a nutshell, hackers gained access to the CFO's credentials and pretending to be the CFO, sent messages to the CEO asking for bit coin transfers. This phishing scam cost BitPay the equivalent of $1.8 million USD / 5,000 bitcoins.  https://cointelegraph.com/news/bitpay-hacked-for-over-18-million-in-bitcoins

What does this mean for you and me?

Do we stop using apps containing sensitive information? Do we created unique passwords for each of our accounts and stop using login with Facebook/Google/Twitter?

The panel concluded that businesses need to implement more robust security systems and people, either as employees and/or consumers, need to become more aware and get educated on how to protect themselves from hackers.

Watch the entire panel discussion here: